Global security operations centers (GSOCs) are centralized command-and-control environments that enable a level of enterprise-wide visibility that distributed or regional security operations centers (SOCs) on their own can sometimes lack.
At a time when security monitoring, streamlined threat assessment and efficient incident response are more important than ever, it’s perhaps not surprising that many organizations are seeking to converge distributed sites into a robustly equipped GSOC.
Let’s take a closer look at the latest trends in this space, drawing on not only a Security Sales & Integration research study but also detailed interviews with recognized experts in mission-critical operations.
Each one’s in-the-trenches perspective will add nuance to our evolving understanding of GSOCs’ growing and vital role.
We are delighted to feature commentary from Angela Nolan, VP of systems integration and control room subject matter expert, CTI; Tyler Bonner, senior VP, mission critical environments, Diversified; and Louis Boulgarides, president/CEO, Ollivier Managed Security.
A Growing Trend
According to SSI’s research study of the integrator community, there does seem to be a movement toward consolidating distributed SOCs into GSOC environments. In fact, 47.4% of survey respondents called it a strong trend, while another 42.1% called it a minor trend.
Only one in 10 integrator respondents said they’re seeing less consolidation and greater dispersion.
That being said, GSOCs certainly aren’t one-size-fits-all solutions.
“Only after an in-depth assessment of [the client’s] unique operational requirements, estimated budget, geographical spread and overall security program can you determine if a GSOC converging and managing multiple sites from a single control center is the most suitable approach,” says Nolan.
She also notes that a hierarchical-type operational structure or hybrid model — GSOC as central hub, collaborating with and relying on a handful of regional SOCs — can offer the best balance of centralization and decentralization for some clients.
Nolan sees operators today interfacing with highly advanced integrated technologies while, at the same time, facing escalating threat vectors from malicious actors.
“Of late,” she begins, “security teams are being afforded new analytics tools and enhanced monitoring and detection capabilities, many of which have already been proven to significantly improve performance and reduce inefficiencies.”
On the other hand, Nolan adds, “there’s the trend of mounting complexity, scale and sheer evasiveness of both cyber and physical security threats faced 24/7 by organizations worldwide.”
These trends, she declares, are “contributing to SOC managers and stakeholders leaning toward operational restructuring that centralizes control, streamlines threat intelligence gathering, reduces redundancies and optimizes resource allocation.”
Bonner takes a different view, arguing that GSOCs have a different function than SOCs, which means consolidation isn’t always a simple proposition.
“SOCs are typically focused on a building, campus or maybe a region,” he explains. “Where a GSOC does overlay the underlying SOCs, [it’s] not from a video management or physical security aspect.”
In Bonner’s view, GSOCs are more focused on monitoring all of an organization’s assets — not just the physical security of buildings.
Boulgarides, meanwhile, say that one of the most significant costs in running an operations center is labor. Considerations like that factor into the decision to embrace the GSOC model.
“There is definitely a movement toward consolidation for operational efficiencies and labor savings,” he observes.
Dollars and Cents
Fiscal considerations also play a role in integrators’ own decision-making as regards whether to pursue GSOC work. Nolan points to project data from command-and-control room systems deployed prior to this year.
“We saw an average of around $2.5 million in GSOC business per year, which was roughly 15 integrated GSOC systems per year,” she says. “Profitability for these complex projects lands typically on the higher end of the scale [as] compared to other control center integration business.”
Bonner likewise points to substantial profitability potential, although he acknowledges that Diversified doesn’t heavily focus on GSOCs.
“But,” he remarks, “[we] have had the opportunity to work on a handful of them — either by just designing or by performing design-build services. Typical value of these jobs is around $1.5 million.”
Obviously, reaching numbers like that depends heavily on the overall scope of work. Bonner echoes Nolan’s comments on profitability potential, saying there “has been typically greater than 20% margins on those deals.”
Meanwhile, Boulgarides reports that his firm builds three to four new GSOCs per year.
“We are building GSOCs for clients, and we will potentially staff them,” he states. But rather than generalizing about these projects, he emphasizes that each client is unique.
“As a managed security provider, we approach each client differently,” Boulgarides declares. “Our goal is to help our customers bring their security personnel and security technology together. [It] is the culmination of that process to create efficiencies in a GSOC.”
Nolan makes the case that, if integrators design the correct system architecture and align it with a well-understood concept of operations in GSOC environments, “the end-to-end system integration can be engineered and technically implemented on time, within budget and in accordance with the end user’s specific mission-critical workflow needs.”
This is a prime opportunity for integrators to demonstrate their quality of service and technical excellence, as well as their attentiveness to client needs.
Nolan continues, “[This] sets the groundwork for building considerable trust as a technology solutions provider, particularly when you’re responsible for reliably routing and displaying sources of real-time data that are pivotal to an operator’s effectiveness in handling security incidents.”
Consistent Usability, Seamless Functionality
If, as Nolan believes, people are always at the heart of every system, then every technology investment is “predicated on delivering consistent usability and seamless functionality for end users to be productive and ensure business success.”
Accordingly, she has strong views about integrators maintaining ongoing involvement in mission-critical environments like GSOCs.
“For GSOC technology solutions, an ongoing service contract with both predictive and preventative maintenance components isn’t just a good rule of thumb,” she declares. “It’s an ironclad standard.”
To buttress this argument, she points to the mission-critical nature of these 24/7 operating environments.
“Security analysts and control room operators alike just simply need technology that works, no matter what,” Nolan says. She argues virtually uninterrupted operations of the technology estate should be non-negotiable.
Nolan states that the burden for maintaining and managing GSOCs’ system health and functionality should be the integrator partner’s sole responsibility — not the duty of GSOC managers or day-to-day operations staff. Clients shouldn’t “have to worry about the integrity or reliability of their operations center,” she says.
Nolan adds that regular maintenance schedules, proactive monitoring and rapid response to technical issues are all critical, which makes it essential for GSOCs to partner with experienced service providers that can integrate remote monitoring capabilities to optimize system performance.
Boulgarides largely agrees with this view, saying his firm routinely offers clients cloud-based solutions to support their GSOC environments’ uptime and efficiency.
“We will also support and train existing personnel [or] contract personnel or provide staffing for them,” he adds. “It’s important to be flexible and listen to the customer to ensure we are providing them with the best solution.”
Evaluating GSOC As-a-Service
Although Bonner acknowledges that GSOCs aren’t a focal area for Diversified, the firm nonetheless has a well-defined approach for them.
“[It] has been to first design with a complete design team — architecture and engineering teams — [and] then implement, [and] then service,” he explains.
“Diversified has the unique ability to bundle all three for companies almost globally — at least, in the regions of the world where these types of rooms are located.” Bonner adds that, in light of today’s technology offerings within GSOC environments, “end users are very much inclined to look for an as-a-service model for GSOC operations.”
On the last point, Nolan articulates a different view.
“When it comes to an as-a-service model for GSOCs,” she begins, “we have not seen clients adopt this purchasing alternative for their systems or for ongoing maintenance and support.”
The reason, she says, is that large spaces like GSOCs typically operate on an annual estimated budget that may not necessarily allow these enterprises to align technology integration costs with operational versus capital expenses. This essentially negates the flexibility in funding and expense management that as-a-service can often unlock.
But that’s not the end of the story, from Nolan’s point of view.
“The explosive availability of more software-centric platforms and tools within an integrated system, combined with unpredictable hardware margins, does create new opportunities,” she acknowledges. That means “an as-a-service or subscriptionized offering might become more viable to pursue and more attractive to buyers.”
GSOC Business Growth
According to SSI’s research study, growth forecasts among integrators who pursue GSOC work seem quite rosy. Indeed, looking at the year ahead, only one-in-20 integrator respondents forecasted a decline of any magnitude in their GSOC-related projects, whereas nearly four-in-five respondents forecasted growth.
Although a small plurality of survey takers forecasted 12-month growth of 1% to 5%, responses were widely distributed between percentage categories, with 21% of respondents forecasting growth exceeding 20% over the next 12 months. This underscores the attractiveness of the GSOC opportunity.
Boulgarides can attest to some of this personally.
“We’ve been experiencing a 20% year-over-year growth in our GSOC-related services, and we are also seeing substantial growth in our managed access control and remote video monitoring services,” he reports.
CTI, whose command-and-control foothold is now quite strong, likewise reports GSOC business growing steadily in all markets. Nolan attributes this to several factors.
“First, there is a heightened awareness [of] security and safety globally,” she observes. “Second, the technology costs for both hardware and software required to support a GSOC have decreased.”
Third, Nolan points to both software and hardware improving dramatically over the last few years.
“Not only from enhanced features and capabilities,” she explains, “but also from simply empowering security teams to better aggregate and control all the disparate endpoint technology networks and sources of mission-critical data, such as video surveillance or sensory images.”
Nolan believes a true confluence of circumstances is continuing to drive the rising prevalence of, and transition to, GSOCs.
She points to “the need for enhanced real-time situational awareness that provides more detailed intelligence, coupled with technology advancements for daily workflow, [such as] AI-driven analytics, IoT integration and the benefits of cloud-based solutions.”
With GSOCs not being a focal area for Diversified, Bonner offers a conservative estimate of 5% of revenue deriving from GSOC-type engagements. But it shouldn’t surprise industry observers if we see that percentage grow substantially in coming years.
“A pivoting focus toward public safety will include approaching our customers who have a need for a GSOC,” Bonner adds.
Operators at the Heart
Let’s return to Nolan’s maxim that people are always at the heart of every system. There’s no doubt that operators must be central to integrators’ thinking in all aspects of GSOC design and implementation.
Bonner makes the point well, saying, “To not start with the idea of making [operators] the best at what they do is a disservice. It begins and ends with how effective we can make operators by reducing fatigue and eliminating errors.”
Ultimately, he says, the key is a combination of solid control room design discipline and enabling technology that allows operators to work with confidence and focus on the mission — not fumble with the technology.
Nolan offers a clarion call for integrators to prioritize human-centric design principles.
“This means placing a strong emphasis on designing and building an environment with an integrated technology solution that both improves the security operator experience and optimizes workflow productivity,” she explains.
After all, Nolan observes, operators in GSOCs are tasked with mitigating risk, safeguarding individuals and assets, and maintaining constant vigilance — a portfolio of responsibilities that almost inescapably entails long hours, stressful conditions and high pressure.
Integrators play an indispensable role in helping operators maintain the situational awareness that keeps GSOCs running.
“A GSOC is far more than just another room in a building,” Nolan stresses. “It serves as a high-performance nerve center with unique requirements.”
If integrators fail to meet those requirements, it will result in suboptimal operator performance, thus jeopardizing the protection of critical assets.
“Workstations should be meticulously designed, arranged and implemented not only for optimal ergonomics but also for seamless 24/7/365 operation,” Nolan states. “Additionally, the physical space housing this technology and the peripheral elements for day-to-day spatial functionality require careful consideration.”
She points to factors such as lighting, acoustics and HVAC systems, as well as sightlines to all mission-critical videowalls and display systems, saying all of these are crucial to creating an environment conducive to peak performance.
GSOC: Nexus of Security and AV?
Already, we’ve seen that the advanced technologies that integrators deploy in GSOCs can muddy the once-obvious lines of demarcation separating security and AV. Large overview videowalls, personal videowalls and efficient, highly capable video processing systems sit alongside high-resolution video surveillance, real-time monitoring dashboards, interactive maps and other tools to help operators assess and respond to real-time threats.
This invites the question of whether GSOCs amply illustrate the forces that drove CI and SSI together in print. If you ask Boulgarides that question, his answer will likely be yes.
“The role of the classic security integrator has evolved,” he states, “and security providers need to start looking at themselves as service providers.”
Being a true service provider means thinking beyond parts and pieces — and may entail breaking outside the four walls of security.
Nolan offers a more equivocal answer.
“Although security integrators assist their clients in deploying crucial field and intelligence gathering technologies, such as smart video surveillance, biometric access controls, IoT sensors and intrusion detection,” she begins, “their expertise is typically much more limited in designing, implementing and maintaining these complex systems as they interconnect with an AV system integration in [a GSOC].”
Because clients expect their technology estate to seamlessly integrate and efficiently operate, Nolan says it’s quite commonplace “for security integrators to reach out and collaborate with experienced AV integration firms that have proof of performance designing systems for mission-critical environments.”
Project size and scale also factor in. For smaller projects, the typical security integrator can seek guidance and information from a trusted AV integrator partner, even while executing the installation independently.
“When the needs are greater and involve a large-scale videowall that’s crucial for central monitoring and decision-making processes,” Nolan says, “the security integrator will [often] leverage a control room technology integrator as a force multiplier, offloading the tasks of designing and implementing these highly specialized systems.”
Ultimately, the performance of both security and AV systems depends on the accuracy and quality of the other. That fact alone underlines why, regardless of an integration firm’s primary focus, it’s incumbent on all integrators working in GSOCs to embrace synergistic, mutually advantageous relationships across specialties.
The AI Question
Artificial intelligence is arguably the most hotly discussed technology topic across trades. This invites the question of whether GSOCs are leveraging AI technologies to analyze incidents in real time, predict future incidents and speed up response times. (It also begs the question of what, exactly, “AI” means.)
SSI’s research study found that AI — however responding integrators chose to define it — hasn’t yet reached the level of maturity to meaningfully enhance GSOC operations. Indeed, only one-in-20 integrator respondents called AI core to most GSOCs’ functionality today.
Moreover, 36.8% said AI plays only a small (or negligible) role in the function of most GSOCs.
Boulgarides captures that sentiment precisely, saying, “I am not seeing this right now. The use of analytics for the purpose of event-based monitoring is widely adopted and accepted, [but], so far, I’m not personally seeing that much AI in action.”
Bonner turns the question on its head, using “AI” to refer to a different term: assistive intelligence.
“Data analytics, data correlation and aided decision-making have been a part of the space for some time,” he explains. However, Bonner hastens to add, “I believe humans — not machines — will continue to make control rooms work.”
Thus, although he believes it’ll be imperative for integrators to harness the power of future AI developments, these tools will be, at best, more effective aids for human operators who make decisions and act.
For her part, Nolan makes the case that AI technology is becoming essential to modern GSOC operations — albeit gradually — due to the need to synthesize near-limitless quantities of data from sensors of every sort, threat databases, news outlets and more.
“New capabilities are increasingly being leveraged to simplify data interpretation and improve incident management and response within GSOCs,” she observes.
Calling to mind Bonner’s dichotomy of “artificial intelligence” versus “assistive intelligence,” Nolan points to some of the applications she has her eye on.
“Video analytics can monitor thousands of cameras and provide alerts,” she says. “Automated incident response systems can organize and prioritize initial response scenarios, which can greatly [speed up] response times.”
What’s more, Nolan adds, “predictive analytics can help GSOCs automate threat detection, identify patterns and anomalies in large datasets, and expose vulnerabilities with added machine learning algorithms.”
Whichever term you use “AI” as shorthand for, it seems clear that the continued development of technologies like these will help GSOCs become truly proactive in protecting assets and mitigating risk.
Feedback for Vendors
SSI asked our experts for any feedback they’d offer the vendor community to enable integration businesses to be more effective partners to GSOC clients.
Bonner prefaces his answer by saying Diversified’s manufacturer and subcontractor partners are fantastic at understanding how to get work done in control room environments.
But he says one area where everyone can improve is “the ongoing service and maintenance of these facilities, as well as helping customers to better integrate the technology into the workflows that are unique to their operations.”
Bonner adds, “Designing, installing and providing break-fix or warranty services is not going to be sufficient for much longer. Our communal ability to support end users from end to end, which can be 10 years, is imperative as we move forward.”
Nolan sets aside factors like cost and support, choosing instead to focus her attention on another key factor for improving GSOC technology implementation.
“Vendor interoperability essentially ensures that their products and solutions can seamlessly integrate with other systems and technologies commonly used in GSOCs,” she explains, “[This], in turn, sets the groundwork for designing the integrated GSOC system with scalability in mind as the enterprise expands its staff or global footprint.”
Nolan also harkens back to the AI conversation, encouraging vendors to commit to sustained research and development by investing in the talent and resources needed to innovate and advance the capabilities of technologies in mission-critical environments.
“This includes exploring, experimenting [with] and, eventually, mastering embedded technological capabilities such as artificial intelligence, machine learning and — probably the most beneficial for GSOC analysts — automation to enhance the efficiency, accuracy and effectiveness of security operations,” she says.
Finally, Nolan exhorts the vendor community to protect data and the network, saying it’s crucial for manufacturer partners to implement robust security measures that protect GSOC environments from ever-present cyber-threats.
“Prioritizing cybersecurity best practices, and [actually having] safeguards built into hardware and software, makes the design and integration process much smoother,” she declares. Nolan also touts the adoption of industry standards, such as NIST security frameworks, SOC2 and ISO27001 compliance.
Concluding Thoughts
Strong relationships lie at the heart of every integrator/client collaboration. But, given the stakes in mission-critical environments like GSOCs, that collaboration’s effectiveness reaches a new level of importance.
Boulgarides, when asked what client organizations can do to ensure optimal GSOC outcomes, espouses the importance of “having a clear vision of what they want, a clear understanding of what the current technologies are capable of and realistic expectations as to what can be accomplished in the SOC environment.”
Bonner offers similar advice, saying end users must be inquisitive, educating themselves on all aspects of the control room and how they can positively influence operator experiences.
“Oftentimes, customers see the space in silos,” he explains, “[rather than] in a way that truly envelops the operator experience within the room.”
According to Bonner, “Seeking to understand how the physical and non-physical elements of a specialized space like a control room [can affect] operators is a key learning that I’d urge end users to truly grasp.”
He alludes to an incipient industry group, the Critical Operations Alliance, which will empower North American control room market stakeholders to spread knowledge.
“Keep an eye out for more on that organization,” Bonner concludes.
Finally, Nolan encourages GSOC decision-makers to do as integrators seek to do — namely, center the needs of security operators and staff.
“[They] will be working with the technology every day,” she observes. “Their input on functionality requirements is critical. [The] ergonomics, and how to optimize their workflow efficiency, is crucial to implementing a successful system.”
Nolan also underlines the importance of engaging key IT administrators early on, incorporating them into the needs analysis and design phase.
“[This] will help avoid a range of potential network disruptions and roadblocks [down the line],” she concludes.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
This post was originally published on 3rd party site mentioned in the title of this site
